
lavasoft adware blekko search engine

Discussion in 'Virus & Other Malware Removal' started by isasooner, Oct 22, 2012.

  1. isasooner (Thread Starter) | Joined: Oct 22, 2012 | Messages: 111
    I cannot remove the Lavasoft adware and the Blekko search engine from my laptop. I have tried everything: going into the registry, My Computer and Manage Search Engines, and even deleting all unwanted search engines from my hard drive, and nothing.
    I need help.
     
  2. Satchfan (Malware Specialist) | Joined: Jan 12, 2009 | Messages: 650
    Hello isasooner and welcome to TSG.

    My name is Satchfan and I would be glad to help you with your computer problem.

    Please read the following guidelines which will help to make cleaning your machine easier:
    • please follow all instructions in the order posted
    • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
    • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
    • if you don't understand something, please don't hesitate to ask for clarification before proceeding
    • the fixes are specific to your problem and should only be used for this issue on this machine.
    • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
    IMPORTANT:

    Please DO NOT install/uninstall any programs unless asked to.
    Please DO NOT run any scans other than those requested


    ===================================================

    Download and run AdwCleaner

    Download AdwCleaner from here and save it to your desktop.
    • run AdwCleaner and select Delete
    • when it has finished it will ask to reboot - allow the reboot
    • on reboot a log will be produced; please attach the content of the log to your next reply
    ===================================================

    Download and run OTL
    • download OTL to your desktop.
    • double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • click Scan all users.
    • under Custom Scan paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT
    • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • you may need two posts to fit them both in.
    ===================================================

    Run aswMBR
    • download aswMBR.exe to your desktop.
    • double click the aswMBR.exe to run it
    • if asked, accept the AVAST virus definition download
    • click the "Scan" button to start scan
    • on completion of the scan click Save log, save it to your desktop and post in your next reply. Note - do NOT attempt any Fix yet.
    Logs to include with next post:

    AdwCleaner log
    OTL.txt
    Extras.txt
    aswMBR log

    Thanks

    Satchfan
     
  3. isasooner (Thread Starter) | Joined: Oct 22, 2012 | Messages: 111
    # AdwCleaner v2.005 - Logfile created 10/23/2012 at 17:11:17
    # Updated 14/10/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Idris - ISASOONER
    # Boot Mode : Normal
    # Running from : C:\Users\Idris\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : DefaultTabSearch

    ***** [Files / Folders] *****

    Deleted on reboot : C:\Users\Idris\AppData\Roaming\DefaultTab
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    File Deleted : C:\Users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\extensions\[email protected]
    File Deleted : C:\Users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\searchplugins\my-web-search.xml
    File Deleted : C:\Users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\searchplugins\search-here.xml
    Folder Deleted : C:\Program Files (x86)\DefaultTab
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\ProgramData\WeCareReminder
    Folder Deleted : C:\Users\Idris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
    Folder Deleted : C:\Users\Idris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
    Folder Deleted : C:\Users\Idris\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Idris\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
    Folder Deleted : C:\Users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\extensions\wecarereminder@bryan

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Babylon
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Default Tab
    Key Deleted : HKCU\Software\DefaultTab
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\wecarereminder
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\BabyDict
    Key Deleted : HKLM\SOFTWARE\Classes\BabyGloss
    Key Deleted : HKLM\SOFTWARE\Classes\BabyOptFile
    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
    Key Deleted : HKLM\Software\Default Tab
    Key Deleted : HKLM\Software\DefaultTab
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\Software\Iminent
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
    Key Deleted : HKLM\SOFTWARE\Software
    Key Deleted : HKLM\SOFTWARE\Tarma Installer
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v16.0.1 (en-US)

    Profile name : default
    File : C:\Users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\prefs.js

    C:\Users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\user.js ... Deleted !

    Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
    Deleted : user_pref("browser.search.defaultengine", "Ask.com");
    Deleted : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browserse[...]
    Deleted : user_pref("extensions.BabylonToolbar.admin", false);
    Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
    Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
    Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
    Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 9);
    Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");
    Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
    Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
    Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
    Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "2B1774DE9070D776E3E1F8D8CA116C48");
    Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
    Deleted : user_pref("extensions.BabylonToolbar.id", "56bf00b80000000000009cb70dc61088");
    Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15622");
    Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
    Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=114336&tt=031012[...]
    Deleted : user_pref("extensions.BabylonToolbar.lastActv", "18");
    Deleted : user_pref("extensions.BabylonToolbar.lastDP", 9);
    Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.0.717:54:10");
    Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "15.0");
    Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
    Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "about:home");
    Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
    Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
    Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 88387859);
    Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
    Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
    Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
    Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
    Deleted : user_pref("extensions.BabylonToolbar.sg", "tzb");
    Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "tzb");
    Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
    Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "bbcln");
    Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
    Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
    Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.0.717:54:10");
    Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
    Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
    Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "56bf00b8000000000000e840f26ee24e");
    Deleted : user_pref("extensions.BabylonToolbar_i.id", "56bf00b8000000000000e840f26ee24e");
    Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15445");
    Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
    Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
    Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
    Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
    Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.717:54:10");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
    Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]
    Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
    Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.babylon.com/?babsrc=KW_def&AF=17284&q=[...]
    Deleted : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
    Deleted : user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sa[...]

    -\\ Google Chrome v22.0.1229.94

    File : C:\Users\Idris\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.20] : urls_to_restore_on_startup = [ "hxxp://www.msn.com/", "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8C21AF89554D5ADF1847E150840B7333", "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8C21AF89554D5ADF1847E15084341867", "hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=48" ]
    Deleted [l.62] : icon_url = "hxxp://search.conduit.com/fav.ico",
    Deleted [l.65] : keyword = "search.conduit.com",
    Deleted [l.68] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3244149",
    Deleted [l.2263] : urls_to_restore_on_startup = [ "hxxp://www.msn.com/", "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8C21AF89554D5ADF1847E150840B7333", "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8C21AF89554D5ADF1847E15084341867", "hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=48" ]

    *************************

    AdwCleaner[S1].txt - [21381 octets] - [23/10/2012 17:11:17]

    ########## EOF - C:\AdwCleaner[S1].txt - [21442 octets] ##########
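    Added example, not code from the thread or from AdwCleaner: a small Python parser for the log layout posted above. It splits the report at its "***** [Section] *****" headers, attributes browser entries to the "-\\ Browser vN" line they follow, pulls hostnames out of the defanged hxxp:// URLs, and labels which removed services and registry keys were autostart points (Windows service, IE Browser Helper Object, msconfig startup entry). The regexes assume the AdwCleaner v2.005 layout shown in the log; SAMPLE_LOG is a constructed excerpt of a few of its lines.

```python
"""Parse an AdwCleaner v2-style log and summarise what it removed.
Added example (not from the thread or from AdwCleaner); the layout is taken
from the log posted above, and SAMPLE_LOG is a constructed excerpt of it."""
import re
from collections import Counter
from urllib.parse import urlparse

SAMPLE_LOG = r"""
# AdwCleaner v2.005 - Logfile created 10/23/2012 at 17:11:17
***** [Services] *****
Stopped & Deleted : DefaultTabSearch
***** [Files / Folders] *****
Deleted on reboot : C:\Users\Idris\AppData\Roaming\DefaultTab
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
***** [Registry] *****
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v16.0.1 (en-US)
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browserse[...]
-\\ Google Chrome v22.0.1229.94
Deleted [l.20] : urls_to_restore_on_startup = [ "hxxp://www.msn.com/", "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb", "hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=48" ]
Deleted [l.68] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3244149",
"""

SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
BROWSER_RE = re.compile(r"^-\\\\ (?P<browser>.+?) v(?P<version>[\d.]+)")
ENTRY_RE = re.compile(
    r"^(?P<action>[A-Za-z& ]+?)(?: \[l\.(?P<line>\d+)\])? : (?P<item>.+)$")
# AdwCleaner defangs URLs as hxxp://; match both spellings.
URL_RE = re.compile(r"hxxps?://[^\s\"'\[\],]+")


def parse_log(text):
    """One dict per removal entry, tagged with the section/browser it sits under."""
    entries, section, browser = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):            # header / blank lines
            continue
        m = SECTION_RE.match(line)
        if m:
            section, browser = m.group("name"), None
            continue
        m = BROWSER_RE.match(line)
        if m:
            browser = m.group("browser")
            continue
        m = ENTRY_RE.match(line)
        if not m or section is None or "Deleted" not in m.group("action"):
            continue                                    # e.g. "[OK] Registry is clean."
        # Restore the scheme only for parsing; the defanged text is kept as-is.
        hosts = {urlparse(u.replace("hxxp", "http", 1)).hostname
                 for u in URL_RE.findall(line)}
        entries.append({"section": section, "browser": browser,
                        "action": m.group("action"), "line": m.group("line"),
                        "item": m.group("item"), "hosts": sorted(h for h in hosts if h)})
    return entries


def summarise(entries):
    """Removal counts per log section and per browser."""
    by_section = Counter(e["section"] for e in entries)
    by_browser = Counter(e["browser"] for e in entries if e["browser"])
    return dict(by_section), dict(by_browser)


def redirect_hosts(entries):
    """Hosts the removed search-engine/startup settings pointed at, per browser."""
    out = {}
    for e in entries:
        for h in e["hosts"]:
            out.setdefault(e["browser"], set()).add(h)
    return {b: sorted(hs) for b, hs in out.items()}


# Registry locations that re-launch adware at boot or browser start.
PERSISTENCE_MARKERS = {
    "Browser Helper Objects": "IE Browser Helper Object",
    "SearchScopes": "IE search provider",
    "startupreg": "msconfig startup entry",
    "Chrome\\Extensions": "Chrome extension install key",
}


def persistence_points(entries):
    """Label each removed service or registry key by the autostart path it used."""
    found = []
    for e in entries:
        if e["section"] == "Services":
            found.append(("Windows service", e["item"]))
        elif e["section"] == "Registry":
            for marker, label in PERSISTENCE_MARKERS.items():
                if marker in e["item"]:
                    found.append((label, e["item"]))
                    break
    return found
```

    Run against a full AdwCleaner[S1].txt, the per-browser host list shows at a glance which search and start-page settings were hijacked, and the persistence list shows which of the deleted keys would have reloaded the adware on the next boot.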
     
  4. isasooner (Thread Starter) | Joined: Oct 22, 2012 | Messages: 111
    OTL logfile created on: 10/23/2012 5:25:12 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Idris\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.61 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 69.89% Memory free
    8.98 Gb Paging File | 7.82 Gb Available in Paging File | 87.16% Paging File free
    Paging file location(s): c:\pagefile.sys 5500 8500 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 281.88 Gb Total Space | 236.50 Gb Free Space | 83.90% Space Free | Partition Type: NTFS

    Computer Name: ISASOONER | User Name: Idris | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/23 17:18:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Idris\Downloads\OTL.exe
    PRC - [2012/10/20 17:39:55 | 000,107,520 | ---- | M] () -- C:\Users\Idris\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    PRC - [2010/11/29 15:54:58 | 002,402,696 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010/11/29 15:54:58 | 002,402,696 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe
    MOD - [2010/11/29 15:54:54 | 000,092,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Scan\KSS_WMI.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/06/10 00:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2011/06/08 00:54:56 | 000,204,288 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/05/17 17:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2010/10/20 17:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/10/20 17:39:55 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Idris\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
    SRV - [2012/10/14 20:01:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/09 17:10:23 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/03/22 08:38:06 | 000,628,624 | ---- | M] (WinZip Computing, S.L. (WinZip Computing)) [Auto | Running] -- C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe -- (WINZIPSSDiskOptimizer)
    SRV - [2011/07/11 20:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2010/04/23 18:12:40 | 000,133,640 | ---- | M] () [Disabled | Stopped] -- c:\UBIOS\GFNEXSrv.exe -- (GFNEXSrv)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/05 12:45:36 | 001,675,840 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
    DRV:64bit: - [2011/06/08 01:42:26 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/06/08 00:16:14 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/23 20:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
    DRV:64bit: - [2011/02/08 22:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
    DRV:64bit: - [2011/02/03 22:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/01/13 22:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/29 19:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
    IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm044YYus&ptnrS=XPxdm044YYus&si=CI6ruuum4K8CFQkFnQodM2cb_A&ptb=0A0BAC9F-FAD7-4DC9-BDB9-72E03A2050F1&psa=&ind=2012050120&st=sb&n=77ed72c8&searchfor={searchTerms}


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
    IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\..\SearchScopes\{6743C0EC-A765-45D2-896D-DD10C68A4FFD}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
    IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=S1122&geo=US&ver=6
    IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\..\SearchScopes\{CF006ECD-C343-4ED5-932C-0D2A120861F3}: "URL" = http://www.mysearchresults.com/search?&c=0000&t=01&q={searchTerms}
    IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\..\SearchScopes\{E1CF7D1B-C719-49A2-B7C0-544A7DBD37CF}: "URL" = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=8C21AF89554D5ADF1847E15084341867&q={searchTerms}
    IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20121042,6859,0,62,0"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8C21AF89554D5ADF1847E15084341867"
    FF - prefs.js..extensions.enabledAddons: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.51.0
    FF - prefs.js..extensions.enabledAddons: [email protected]:1.4.2
    FF - prefs.js..extensions.enabledAddons: wecarereminder@bryan:4.1.15.22
    FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120
    FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={C13E0375-04DC-4629-A9DE-02BC5F26BB3C}&Version=3.6.5&Vintage=20121042&Defaultbrowserid=62&Productid=2722&Vendorid=3852&Offerid=6894&searchterm="
    FF - prefs.js..keyword.URL: "http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=8C21AF89554D5ADF1847E1508402E0A9&q="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Idris\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Idris\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/22 21:58:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK

    [2012/04/13 18:23:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Idris\AppData\Roaming\Mozilla\Extensions
    [2012/10/23 17:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\extensions
    [2012/10/21 10:15:20 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/10/21 10:13:43 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    [2012/09/09 09:19:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    File not found (No name found) -- C:\USERS\IDRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAZ6112F.DEFAULT\EXTENSIONS\{C9B68337-E93A-44EA-94DC-CB300EC06444}
    File not found (No name found) -- C:\USERS\IDRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAZ6112F.DEFAULT\EXTENSIONS\[email protected]
    File not found (No name found) -- C:\USERS\IDRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAZ6112F.DEFAULT\EXTENSIONS\WECAREREMINDER@BRYAN
    [2012/10/14 20:01:59 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/10/21 13:44:26 | 000,000,616 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
    [2012/08/29 10:36:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/09/03 09:49:53 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
    [2012/10/14 20:01:59 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Conduit (Enabled)
    CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3244149
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Idris\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Idris\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Idris\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

    O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Idris\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [] File not found
    O4:64bit: - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000..\Run: [Speech Recognition] C:\windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Idris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{412D3727-274D-4DC1-B8EF-4D06A73288A7}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3C8C90F-BDB6-4028-A7B6-8BA1AEFD3CCA}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3C8C90F-BDB6-4028-A7B6-8BA1AEFD3CCA}: NameServer = 8.8.8.8,8.8.4.4
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{1e1ceb5e-6dc2-11e1-8862-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{1e1ceb5e-6dc2-11e1-8862-806e6f6e6963}\Shell\AutoRun\command - "" = D:\install.EXE id= ver=1.0.0.0
    O33 - MountPoints2\{f620bbdf-7f79-11e1-b565-e840f26ee24e}\Shell - "" = AutoRun
    O33 - MountPoints2\{f620bbdf-7f79-11e1-b565-e840f26ee24e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    ***CREATERESTOREPOINT***
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/22 22:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
    [2012/10/22 22:13:19 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Local\CRE
    [2012/10/22 21:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/10/22 21:57:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2012/10/22 20:38:52 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Roaming\WinZip
    [2012/10/22 20:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
    [2012/10/22 20:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Security Scan
    [2012/10/22 20:36:33 | 000,019,344 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\windows\SysNative\roboot64.exe
    [2012/10/22 20:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip System Utilities Suite
    [2012/10/22 20:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip System Utilities Suite
    [2012/10/21 16:27:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
    [2012/10/21 15:22:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/10/21 15:22:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/10/21 15:14:17 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Local\{E3C75C48-3941-4419-9C5B-4244C33261A0}
    [2012/10/21 10:50:37 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Roaming\LavasoftStatistics
    [2012/10/21 10:14:10 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Local\Downloaded Installations
    [2012/10/21 10:08:45 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Roaming\Ad-Aware Antivirus
    [2012/10/20 20:05:36 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Local\{483AA1B8-E94E-4CE6-9D20-961CA22C3640}
    [2012/10/20 17:39:55 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Roaming\DefaultTab
    [2012/10/11 15:56:24 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Local\{D93733F2-DD7A-4D20-AB39-46B4057599D6}
    [2012/10/10 22:30:16 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Local\{9E19B52D-6091-43A9-BAB7-4E7D8144DA38}
    [2012/10/10 05:40:53 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
    [2012/10/10 05:40:52 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
    [2012/10/10 05:40:52 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
    [2012/10/10 05:40:40 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
    [2012/10/10 05:40:40 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
    [2012/10/10 05:40:39 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
    [2012/10/10 05:40:39 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
    [2012/10/10 05:40:39 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
    [2012/10/10 05:40:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
    [2012/10/10 05:40:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
    [2012/10/10 05:40:38 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
    [2012/10/10 05:40:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
    [2012/10/10 05:40:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
    [2012/10/10 05:40:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
    [2012/10/10 05:40:38 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
    [2012/10/10 05:40:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2012/10/10 05:40:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2012/10/10 05:40:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012/10/10 05:40:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2012/10/10 05:40:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2012/10/10 05:40:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2012/10/10 05:40:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012/10/10 05:40:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012/10/10 05:40:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2012/10/10 05:40:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2012/10/10 05:40:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012/10/10 05:40:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2012/10/10 05:40:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2012/10/10 05:40:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2012/10/10 05:40:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012/10/10 05:40:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2012/10/10 05:40:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2012/10/10 05:40:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2012/10/10 05:40:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2012/10/10 05:40:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
    [2012/10/10 05:40:22 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
    [2012/10/10 05:39:40 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
    [2012/10/10 05:39:39 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
    [2012/10/09 17:38:59 | 000,145,408 | ---- | C] (Hewlett-Packard Company) -- C:\windows\SysNative\hpfll70v.dll
    [2012/10/09 17:37:07 | 000,642,360 | ---- | C] (Hewlett-Packard) -- C:\windows\SysNative\hpzids40.dll
    [2012/10/09 17:37:07 | 000,551,424 | ---- | C] (Hewlett-Packard) -- C:\windows\SysNative\hppldcoi.dll
    [2012/10/05 07:26:16 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
    [2012/10/04 18:38:02 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Local\{BAFE6A3C-69D1-4D7E-86B9-07B85B221AF9}
    [2012/10/03 22:52:56 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Local\{0A0D1650-1C29-46DE-AE10-50678F93F366}
    [2012/10/03 06:14:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
    [2012/10/02 18:37:44 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Local\{F5020D98-8397-40DE-BD20-4238B046EB12}
    [2012/10/02 18:35:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeChat
    [2012/10/02 18:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Headset
    [2012/10/02 17:20:31 | 000,000,000 | ---D | C] -- C:\windows\pss
    [2012/10/02 16:25:50 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Roaming\Malwarebytes
    [2012/10/02 12:12:21 | 000,000,000 | ---D | C] -- C:\Toshiba
    [2012/10/02 11:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
    [2012/10/01 21:35:12 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Roaming\InstallShield
    [2012/10/01 20:40:07 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\OxpsConverter.exe
    [2012/10/01 18:07:45 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Roaming\AVG
    [2012/10/01 18:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2012/10/01 18:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
    [2012/10/01 17:36:20 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Local\LogMeIn Rescue Applet
    [2012/10/01 17:21:23 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Local\WLDI
    [2012/10/01 17:14:35 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Local\{ADD48B29-9002-4876-92F9-B32437067C38}
    [2012/10/01 17:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeChat
    [2012/09/24 16:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

    ========== Files - Modified Within 30 Days ==========

    [2012/10/23 17:22:01 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/23 17:22:01 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/23 17:15:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/23 17:14:49 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
    [2012/10/23 17:14:48 | 000,000,510 | ---- | M] () -- C:\windows\tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job
    [2012/10/23 17:14:48 | 000,000,472 | ---- | M] () -- C:\windows\tasks\WINZIPSS-WINZIPSSOneClickCare.job
    [2012/10/23 17:14:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/10/23 17:14:32 | 2904,666,112 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/23 17:10:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/10/23 16:48:01 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/23 16:48:01 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3987105026-2523861380-3924649800-1000UA.job
    [2012/10/23 16:48:01 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3987105026-2523861380-3924649800-1000Core.job
    [2012/10/23 07:14:12 | 000,001,277 | ---- | M] () -- C:\Users\Idris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    [2012/10/22 22:13:36 | 000,000,009 | ---- | M] () -- C:\END
    [2012/10/22 21:58:31 | 000,001,816 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/10/22 20:36:43 | 000,001,812 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk
    [2012/10/22 20:36:43 | 000,001,778 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
    [2012/10/22 20:36:29 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\WinZip System Utilities Suite - Smart Scan.lnk
    [2012/10/22 20:36:29 | 000,002,305 | ---- | M] () -- C:\Users\Idris\Application Data\Microsoft\Internet Explorer\Quick Launch\WinZip System Utilities Suite.lnk
    [2012/10/22 18:46:29 | 000,778,866 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2012/10/22 18:46:29 | 000,660,332 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2012/10/22 18:46:29 | 000,121,228 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2012/10/21 15:22:35 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
    [2012/10/20 16:20:27 | 000,066,416 | ---- | M] () -- C:\Users\Idris\Documents\Bank of America _ Online Banking _ Accounts _ Account Details _ Account Activity.pdf
    [2012/10/10 21:01:39 | 000,002,500 | ---- | M] () -- C:\Users\Idris\Desktop\Google Chrome.lnk
    [2012/10/09 20:11:33 | 000,117,229 | ---- | M] () -- C:\Users\Idris\Documents\Untitled (4).wma
    [2012/10/09 17:56:13 | 000,000,286 | ---- | M] () -- C:\windows\reimage.ini
    [2012/10/09 17:45:35 | 000,136,568 | ---- | M] () -- C:\windows\hphins33.dat
    [2012/10/09 17:10:22 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
    [2012/10/09 17:10:22 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/10/02 11:52:25 | 000,008,039 | ---- | M] () -- C:\Users\Idris\Documents\bookmark.htm
    [2012/10/01 16:22:23 | 000,103,759 | ---- | M] () -- C:\Users\Idris\Documents\Untitled (3).wma
    [2012/09/26 01:11:04 | 001,476,738 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1401010.002\Cat.DB
    [2012/09/25 15:42:05 | 000,008,888 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1401010.002\VT20120921.034

    ========== Files Created - No Company Name ==========

    [2012/10/22 22:13:34 | 000,000,009 | ---- | C] () -- C:\END
    [2012/10/22 21:58:31 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/10/22 20:36:52 | 000,000,510 | ---- | C] () -- C:\windows\tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job
    [2012/10/22 20:36:51 | 000,000,472 | ---- | C] () -- C:\windows\tasks\WINZIPSS-WINZIPSSOneClickCare.job
    [2012/10/22 20:36:43 | 000,001,812 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk
    [2012/10/22 20:36:43 | 000,001,778 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
    [2012/10/22 20:36:29 | 000,002,337 | ---- | C] () -- C:\Users\Public\Desktop\WinZip System Utilities Suite - Smart Scan.lnk
    [2012/10/22 20:36:29 | 000,002,305 | ---- | C] () -- C:\Users\Idris\Application Data\Microsoft\Internet Explorer\Quick Launch\WinZip System Utilities Suite.lnk
    [2012/10/21 15:22:35 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
    [2012/10/21 15:22:21 | 000,002,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/10/20 16:20:27 | 000,066,416 | ---- | C] () -- C:\Users\Idris\Documents\Bank of America _ Online Banking _ Accounts _ Account Details _ Account Activity.pdf
    [2012/10/09 20:11:33 | 000,117,229 | ---- | C] () -- C:\Users\Idris\Documents\Untitled (4).wma
    [2012/10/09 17:55:58 | 000,000,286 | ---- | C] () -- C:\windows\reimage.ini
    [2012/10/09 17:37:21 | 000,136,568 | ---- | C] () -- C:\windows\hphins33.dat
    [2012/10/09 17:37:21 | 000,000,512 | ---- | C] () -- C:\windows\hphmdl33.dat
    [2012/10/08 08:53:54 | 000,001,277 | ---- | C] () -- C:\Users\Idris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    [2012/10/02 11:52:25 | 000,008,039 | ---- | C] () -- C:\Users\Idris\Documents\bookmark.htm
    [2012/10/01 20:17:01 | 000,065,536 | ---- | C] () -- C:\windows\SysNative\Ikeext.etl
    [2012/10/01 16:22:23 | 000,103,759 | ---- | C] () -- C:\Users\Idris\Documents\Untitled (3).wma
    [2012/07/04 06:53:07 | 000,772,714 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2012/06/23 11:40:19 | 000,135,200 | ---- | C] () -- C:\windows\hpoins37.dat
    [2012/06/23 11:40:19 | 000,000,558 | ---- | C] () -- C:\windows\hpomdl37.dat
    [2012/03/14 07:02:36 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
    [2012/03/14 06:57:55 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll
    [2012/03/14 06:56:54 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
    [2012/03/14 06:53:56 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
    [2011/02/03 22:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < MD5 for: AMD64_MICROSOFT-WINDOWS-S..ONTROLLER.RESOURCES_31BF3856AD364E35_6.1.7600.16385_EN-US_C5F238BE3FA63468_SERVICES.EXE.MUI_86EA5E71 >
    [2010/11/21 03:06:45 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468_services.exe.mui_86ea5e71

    < MD5 for: AMD64_MICROSOFT-WINDOWS-S..S-SERVICECONTROLLER_31BF3856AD364E35_6.1.7600.16385_NONE_2B54B20EE6FA07B1_SERVICES.EXE_ABFC33DA >
    [2009/07/13 22:58:23 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1_services.exe_abfc33da

    < MD5 for: AMD64_MICROSOFT-WINDOWS-WINLOGON.RESOURCES_31BF3856AD364E35_6.1.7601.17514_EN-US_291E96FA1AB5FC7B_WINLOGON.EXE.MUI_3280FC46 >
    [2010/11/21 03:06:45 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\Backup\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b_winlogon.exe.mui_3280fc46

    < MD5 for: AMD64_MICROSOFT-WINDOWS-WINLOGON_31BF3856AD364E35_6.1.7601.17514_NONE_CDE90685EB910636_WINLOGON.EXE_AC37D0C5 >
    [2010/11/20 23:27:05 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\Backup\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636_winlogon.exe_ac37d0c5

    < MD5 for: EXPLORER.EXE >
    [2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

    < MD5 for: EXPLORER.EXE.MUI >
    [2010/11/21 03:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
    [2010/11/21 03:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
    [2010/11/21 03:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
    [2010/11/21 03:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

    < MD5 for: EXPLORER.EXE-A80E4F97.PF >
    [2012/10/23 17:22:38 | 000,028,526 | ---- | M] () MD5=EE809EC411DEA85AAC6EC98FF3607577 -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf

    < MD5 for: SERVICES.EXE >
    [2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
    [2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    < MD5 for: SERVICES.EXE.MUI >
    [2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\windows\SysNative\en-US\services.exe.mui
    [2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

    < MD5 for: SMSVCHOST.EXE >
    [2009/06/10 16:30:46 | 000,116,560 | ---- | M] (Microsoft Corporation) MD5=3E5A36127E201DDF663176B66828FAFE -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    [2009/06/10 16:30:46 | 000,116,560 | ---- | M] (Microsoft Corporation) MD5=3E5A36127E201DDF663176B66828FAFE -- C:\Windows\winsxs\amd64_wcf-smsvchost_b03f5f7f11d50a3a_6.1.7600.16385_none_c7f13af70ac77b22\SMSvcHost.exe
    [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) MD5=D22CD77D4F0D63D1169BB35911BFF12D -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) MD5=D22CD77D4F0D63D1169BB35911BFF12D -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    [2010/11/20 23:24:53 | 000,128,848 | ---- | M] () MD5=F476EC40033CDB91EFBE73EB99B8362D -- C:\Windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe
    [2010/11/20 23:24:53 | 000,128,848 | ---- | M] (Microsoft Corporation) MD5=F476EC40033CDB91EFBE73EB99B8362D -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    [2010/11/20 23:24:53 | 000,128,848 | ---- | M] (Microsoft Corporation) MD5=F476EC40033CDB91EFBE73EB99B8362D -- C:\Windows\winsxs\msil_smsvchost_b03f5f7f11d50a3a_6.1.7601.17514_none_e6b622bd1115139e\SMSvcHost.exe

    < MD5 for: SMSVCHOST.EXE.CONFIG >
    [2009/07/14 01:32:32 | 000,001,951 | ---- | M] () MD5=757BC33428B870035A16FD96B9DDB7FA -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config
    [2009/07/14 01:32:32 | 000,001,951 | ---- | M] () MD5=757BC33428B870035A16FD96B9DDB7FA -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe.config
    [2009/06/10 16:30:46 | 000,001,951 | ---- | M] () MD5=757BC33428B870035A16FD96B9DDB7FA -- C:\Windows\winsxs\amd64_wcf-m_smsvchost_exe_cnf_31bf3856ad364e35_6.1.7600.16385_none_50a8efa432beeea2\SMSvcHost.exe.config
    [2009/06/10 17:14:05 | 000,001,951 | ---- | M] () MD5=757BC33428B870035A16FD96B9DDB7FA -- C:\Windows\winsxs\x86_wcf-m_smsvchost_exe_cnf_31bf3856ad364e35_6.1.7600.16385_none_f48a54207a617d6c\SMSvcHost.exe.config
    [2010/03/18 00:10:40 | 000,002,262 | ---- | M] () MD5=A9E7E2A3A82362D180CEA7EA1EDFA81A -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe.config
    [2010/03/18 00:10:40 | 000,002,262 | ---- | M] () MD5=A9E7E2A3A82362D180CEA7EA1EDFA81A -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe.config

    < MD5 for: SVCHOST.EXE >
    [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2011/03/01 04:10:51 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=635455A95EB8EC47AC72142E501465ED -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_14271b75353e4391\svchost.exe
    [2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\windows\SysNative\svchost.exe
    [2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937\svchost.exe
    [2011/03/01 04:07:49 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=A91A288C91F9D9F1CFA4FAA9893C4D55 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe
    [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
    [2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\SysWOW64\svchost.exe
    [2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe

    < MD5 for: SVCHOST.EXE.MUI >
    [2010/11/21 03:06:19 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=712EBAA6DD6DBA7DDEE0A3D03C98E6D1 -- C:\windows\SysNative\en-US\svchost.exe.mui
    [2010/11/21 03:06:19 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=712EBAA6DD6DBA7DDEE0A3D03C98E6D1 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ad3de280c12aaa17\svchost.exe.mui
    [2010/11/21 03:06:14 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=FBC18BEE67E9179F02E7894EB548F18D -- C:\Windows\SysWOW64\en-US\svchost.exe.mui
    [2010/11/21 03:06:14 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=FBC18BEE67E9179F02E7894EB548F18D -- C:\Windows\winsxs\x86_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_511f46fd08cd38e1\svchost.exe.mui

    < MD5 for: SVCHOST.EXE-1C37F0CA.PF >
    [2012/10/23 12:00:10 | 000,017,092 | ---- | M] () MD5=214344520FA791DE1397B6BF06919C2E -- C:\Windows\Prefetch\SVCHOST.EXE-1C37F0CA.pf

    < MD5 for: SVCHOST.EXE-64A5EADA.PF >
    [2012/10/23 17:20:07 | 000,016,980 | ---- | M] () MD5=A83DF09BAF5F7F815F8F1AFB270ABFE2 -- C:\Windows\Prefetch\SVCHOST.EXE-64A5EADA.pf

    < MD5 for: SVCHOST.EXE-8049FA24.PF >
    [2012/10/23 17:26:54 | 000,010,912 | ---- | M] () MD5=DC1893D172505C65A13711AF7BAE1E87 -- C:\Windows\Prefetch\SVCHOST.EXE-8049FA24.pf

    < MD5 for: SVCHOST.EXE-8F6A8F43.PF >
    [2012/10/23 17:26:58 | 000,018,252 | ---- | M] () MD5=6B46C2BC325CF67421122987BBFFB06B -- C:\Windows\Prefetch\SVCHOST.EXE-8F6A8F43.pf

    < MD5 for: USERINIT.EXE >
    [2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
    [2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

    < MD5 for: USERINIT.EXE.MUI >
    [2010/11/21 03:06:20 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=87AE19DA46FE7D5E293937DD36FF1889 -- C:\windows\SysNative\en-US\userinit.exe.mui
    [2010/11/21 03:06:20 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=87AE19DA46FE7D5E293937DD36FF1889 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ebe597d2ec03996d\userinit.exe.mui
    [2010/11/21 03:06:15 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=EA67C653ECFED02D7DBFB889A908CAA9 -- C:\Windows\SysWOW64\en-US\userinit.exe.mui
    [2010/11/21 03:06:15 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=EA67C653ECFED02D7DBFB889A908CAA9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8fc6fc4f33a62837\userinit.exe.mui

    < MD5 for: WINLOGON.EXE >
    [2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
    [2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

    < MD5 for: WINLOGON.EXE.MUI >
    [2010/11/21 03:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\windows\SysNative\en-US\winlogon.exe.mui
    [2010/11/21 03:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui

    < MD5 for: WINZIPSSDISKEXPLORER.EXE >
    [2012/03/22 08:38:10 | 001,174,416 | ---- | M] (WinZip Computing, S.L. (WinZip Computing)) MD5=388CE652E66BC0789851734A4D15C85A -- C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDiskExplorer.exe

    < %systemroot%\*. /rp /s >

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\.\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: Hitachi HTS543232A7A384 ATA Device
    Partitions: 3
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Unknown
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 1.00GB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 282.00GB
    Starting Offset: 1573912576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #2
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 15.00GB
    Starting Offset: 304240132096
    Hidden sectors: 0


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4

    < End of report >
  5. isasooner

    isasooner Thread Starter

    Joined:
    Oct 22, 2012
    Messages:
    111
    OTL Extras logfile created on: 10/22/2012 6:59:38 PM - Run 1
    OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Idris\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.61 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 65.24% Memory free
    8.98 Gb Paging File | 7.58 Gb Available in Paging File | 84.46% Paging File free
    Paging file location(s): c:\pagefile.sys 5500 8500 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 281.88 Gb Total Space | 236.47 Gb Free Space | 83.89% Space Free | Partition Type: NTFS
    Drive D: | 6.70 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: ISASOONER | User Name: Idris | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Unable to open value key
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Unable to open value key
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Unable to open value key
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Unable to open value key
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Unable to open value key
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Unable to open value key
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{078BA78D-11B2-4530-9BBB-4CAC13135691}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{23165505-B5BB-472C-B127-4B9B7560C379}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{2F82C531-4986-406E-97BC-C51A8BB4B1DB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{67DBF1CE-1C41-44EA-B3CC-E288A53D56A2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{69761E04-5AFB-4EE4-8AEC-AF1C022EDC2F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6B53A9D8-7AB1-4677-AB0B-6FCD396738F9}" = rport=138 | protocol=17 | dir=out | app=system |
    "{8DBDFA8C-48BC-44D6-8CA8-0D89B6991EB9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{958A9DCF-A0DC-4D08-BA2F-80937B25B19C}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{9D6CCF67-C6C7-44D6-92F6-168179DB7870}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9DACA927-7DD5-4701-8A80-98FCBFA0A887}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{9F297F33-44AE-40A6-B1DB-8F9D74B5D1F3}" = rport=445 | protocol=6 | dir=out | app=system |
    "{A614AE66-9A5E-44A3-85A1-E5C6CF65C4E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AA293C63-0388-4A41-92AD-3446B841E417}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C4AFA07A-CA30-4EFA-98B7-36751D14D092}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{C8E22EB9-1492-4958-ACCA-B52028BAB1D7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CE6358AF-C4F4-44F6-B861-FD12F664E2B4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{D5F16942-1290-4FC0-8245-00BE30504029}" = lport=138 | protocol=17 | dir=in | app=system |
    "{DAB3AF3A-0ED2-4020-B517-88BE4A16DCC0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{DC10A687-F2EE-42C1-8326-1C48D75561DD}" = lport=137 | protocol=17 | dir=in | app=system |
    "{DD03D1E5-E494-4D64-8A7D-3B084434F06D}" = lport=445 | protocol=6 | dir=in | app=system |
    "{E53F50FD-5CAF-498F-B304-12F0191B4DD3}" = rport=139 | protocol=6 | dir=out | app=system |
    "{EA5AAEDD-7A8E-4D68-9D92-4AFC3E47112D}" = lport=139 | protocol=6 | dir=in | app=system |
    "{F24A55FB-3D52-471C-9B65-6F9A071B4F9D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{F45B0D5B-6A5D-4300-9424-9CA4062C710D}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{F5A3C46A-08AA-4382-99F1-431005A8F5C0}" = rport=137 | protocol=17 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0E7DEFF6-9421-4E2D-AE1B-5D13C54E4FDD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{12CF42BE-F779-401F-A787-5D6342BF2D23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1626DE2F-3165-4A69-86E9-164B09414EA1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{1D407A77-25AC-4938-AD9A-6BF3F68DF364}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{205A1C76-A425-4476-8353-E45D4B1BCD13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{24C6FDFC-BE03-4435-BBE4-27EEFA2B7282}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{2E2C7555-EA94-4FC3-9E11-DDA4B0BCE473}" = protocol=17 | dir=in | app=c:\users\idris\appdata\local\temp\7zs18ae.tmp\symnrt.exe |
    "{35E67A5C-F200-4FB3-996E-295147EDC24F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{390C5558-4D70-47BA-B90E-D06249517EEE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{3AC431C5-DF76-4FDA-9431-991987F15A3C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{44FD842B-F5C5-45F5-9AC6-8AEA55AEC692}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{4B0A7BC4-9260-4608-B9FF-8B1AF32625CE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{548C0174-2F45-4426-A7D0-230FBB48F45F}" = protocol=6 | dir=in | app=c:\users\idris\appdata\local\temp\7zs18ae.tmp\symnrt.exe |
    "{5F381420-E665-4BA6-9115-25366B970D7D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{602D0160-3D9B-45B8-8C9B-F7CA259AFA57}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{6536F6CE-108F-43CD-9473-4DEFE3AF4002}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{69B648D0-7AEA-4AE4-A249-20CF191DCC17}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{701AC330-6643-4498-BAFD-8EB4AFBBB33D}" = protocol=6 | dir=out | app=system |
    "{732CF90F-3BB2-49C0-B4AF-5FEFAE39F15F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{805438AC-BDEF-4E71-B2FA-D1C0F200FB46}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{90DB61B8-A7DF-4F39-BC79-749AC0C6FD03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{A210FB6D-EEB4-4FA9-BD4F-7F07030242F5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{A7B3C5E6-8B53-4D40-B91F-327A55FC80CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AD9A7D35-65D0-4C6D-9637-E24778DA94BD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{C14D7370-3530-43DB-BC13-892CFC6F2416}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{C5EAB78F-CE9A-43F8-84C0-4E19E26472A8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{CC378879-7DA5-451A-9517-25F05435CD87}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{CCB99B1F-3751-4D44-A226-484806309BA6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{D0CF8E56-D48B-44A5-90B4-0D133D0BCBDA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D48DD8C4-0466-4A41-B62D-6D16AE89A7A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D4BEE939-13A1-4796-919A-6A43765A44F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D6CB9C3A-02C3-4C0B-A070-650DB983E9D7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{DDDE5CD5-F77C-4DEB-9F7A-C3CDC01F7972}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{FEBCA0A1-4BD8-400D-8AC7-52A1E3C623AD}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "TCP Query User{1D5A0EE1-44ED-4E6F-91D2-90855076C104}C:\users\idris\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\idris\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{216D4591-0D74-480D-8A1D-216D9CC35ED4}C:\users\idris\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\idris\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe |
    "TCP Query User{77EA341F-8FB2-4444-92A2-68218BD92860}C:\users\idris\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\idris\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe |
    "TCP Query User{A6EBD1A0-049C-4D46-BA2C-D0F85E2E0405}C:\users\idris\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\idris\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{D02EBA32-2B0F-4DED-9B44-AE0284384521}C:\users\idris\appdata\local\logmein rescue applet\lmir0004.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\idris\appdata\local\logmein rescue applet\lmir0004.tmp\lmi_rescue.exe |
    "UDP Query User{067BF0CA-A802-4D77-AF93-4377A7F7CBFB}C:\users\idris\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\idris\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe |
    "UDP Query User{0E444F3A-B647-4FCA-8DBC-3C93710E70C0}C:\users\idris\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\idris\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{20E8DDC0-9EB5-4D35-A1DB-C47F6BB03598}C:\users\idris\appdata\local\logmein rescue applet\lmir0004.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\idris\appdata\local\logmein rescue applet\lmir0004.tmp\lmi_rescue.exe |
    "UDP Query User{6E0C1A94-00B1-40D3-9B3C-37849BF3D838}C:\users\idris\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\idris\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{E09FC524-A2F1-44C7-A6AA-B103ED807855}C:\users\idris\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\idris\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
    "{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
    "{4ACA5AE7-E68C-5A48-F8E6-D67946267506}" = ATI Catalyst Install Manager
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6316805C-2485-2FF5-974C-750E3BE1DF65}" = AMD Media Foundation Decoders
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}_Office14.SingleImage_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0043-0409-1000-0000000FF1CE}_Office14.SingleImage_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver 14.0 Rel. 6
    "{A34D9B7F-8453-DA02-DC98-EEEE085411C6}" = ccc-utility64
    "{A800FCC9-8E1E-4D84-9CED-47870701FDE1}" = HP Deskjet F4400 Printer Driver 14.0 Rel. 5
    "{BD198331-FF8A-4DEB-9F30-A0AC56625A3B}" = Microsoft LifeChat
    "{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
    "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0146E330-EEE7-B924-B347-B399460893ED}" = CCC Help Czech
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{09927C92-A652-057A-3A7B-153F23175C58}" = CCC Help Dutch
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
    "{109CBCC5-7151-1CC6-DAD6-6F7DD3162A8A}" = Catalyst Control Center InstallProxy
    "{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}" = TOSHIBA Supervisor Password
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19E40731-8E1A-07FB-DA7D-8A54603F6408}" = CCC Help English
    "{1B97813D-74A7-25EB-4837-792413507E82}" = CCC Help Danish
    "{1CF94211-A7BB-8151-44B8-6618C5A162F8}" = CCC Help Portuguese
    "{1D7FEEAC-6CEE-5B5F-A8B0-9BE7A6BCB7FB}" = CCC Help Chinese Traditional
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{247E03D2-485B-7A70-BF5C-AB9BDF6AFB44}" = CCC Help Polish
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2EEFB3C4-4706-C2B5-DF69-CF914D87BCE4}" = CCC Help Swedish
    "{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}" = TOSHIBA Hardware Setup
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{337FDED7-D27B-E476-E888-3674E1C01C69}" = CCC Help Spanish
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{4485C9D0-A742-F1BB-C0B0-58FC61960D99}" = CCC Help Korean
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{666E35A7-A224-E3E9-48C2-C641837535D9}" = Catalyst Control Center Localization All
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{8064A378-46F4-4A4E-8AF5-153D0D4018DD}" = Catalyst Control Center - Branding
    "{83601916-2E71-F1C7-EE5F-A1C985BC9217}" = CCC Help German
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8A34A135-D405-DD03-9B2E-0EB99238A312}" = CCC Help Finnish
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9550EA6C-4CBE-C1F3-1E1C-5E87F2C645ED}" = CCC Help French
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
    "{97F67013-3076-4261-DC10-808409655042}" = AMD VISION Engine Control Center
    "{986BB897-C295-2FED-8DCA-4ADE3AFCEF84}" = CCC Help Russian
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A4FF8F4E-D665-712B-07EE-F03ED360E9BE}" = CCC Help Italian
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A835C187-691C-4827-BCEA-1611179C96B9}" = DJ_AIO_05_F4400_Software_Min
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
    "{ADB50F70-98FF-067F-DF39-47DD83E32D58}" = CCC Help Chinese Standard
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
    "{B83FCE14-53D5-CBF8-87E9-59B8968ADB4C}" = CCC Help Norwegian
    "{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C78E3449-4F24-839B-5F7A-6911C67A5BE9}" = Catalyst Control Center Graphics Previews Common
    "{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
    "{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D6E90970-BA9C-51AA-EFA2-9F80A7AE0956}" = CCC Help Thai
    "{D826A52E-0AC9-5A55-61B8-0E088477A1B0}" = CCC Help Greek
    "{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E69540AC-FFC3-5519-F925-5ACC8D20DED5}" = CCC Help Hungarian
    "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
    "{E9D96BD5-7D33-7ED3-0A8E-229FA2524487}" = CCC Help Turkish
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F5575DD6-8112-45A6-8FFA-C7249C3D8E1F}" = ASPCA Reminder by We-Care.com v4.1.19.1
    "{F931F27F-A967-982A-9226-494787D5FBBB}" = CCC Help Japanese
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Athan" = Athan Basic 4.2
    "DefaultTab" = DefaultTab
    "DefaultTab Chrome" = DefaultTab Chrome
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
    "InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
    "InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "WindowsLiveDeviceIntegrator" = Windows Live Device Integrator
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
    "Adobe Connect Add-in" = Adobe Connect Add-in
    "AIM" = AIM for Windows
    "Akamai" = Akamai NetSession Interface
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/1/2012 8:32:32 PM | Computer Name = Isasooner | Source = RasClient | ID = 20227
    Description =

    Error - 10/1/2012 8:35:11 PM | Computer Name = Isasooner | Source = WinMgmt | ID = 10
    Description =

    Error - 10/1/2012 8:35:33 PM | Computer Name = Isasooner | Source = Toshiba App Place | ID = 0
    Description =

    Error - 10/1/2012 9:08:47 PM | Computer Name = Isasooner | Source = WinMgmt | ID = 10
    Description =

    Error - 10/1/2012 9:10:33 PM | Computer Name = Isasooner | Source = Toshiba App Place | ID = 0
    Description =

    Error - 10/1/2012 9:28:30 PM | Computer Name = Isasooner | Source = WinMgmt | ID = 10
    Description =

    Error - 10/1/2012 9:28:40 PM | Computer Name = Isasooner | Source = Toshiba App Place | ID = 0
    Description =

    Error - 10/2/2012 10:47:42 AM | Computer Name = Isasooner | Source = WinMgmt | ID = 10
    Description =

    Error - 10/2/2012 10:51:23 AM | Computer Name = Isasooner | Source = WinMgmt | ID = 10
    Description =

    Error - 10/2/2012 11:21:03 AM | Computer Name = Isasooner | Source = WinMgmt | ID = 10
    Description =

    [ Media Center Events ]
    Error - 5/30/2012 7:40:15 AM | Computer Name = Isasooner | Source = MCUpdate | ID = 0
    Description = 7:40:15 AM - Error connecting to the internet. 7:40:15 AM - Unable
    to contact server..

    Error - 5/30/2012 7:40:24 AM | Computer Name = Isasooner | Source = MCUpdate | ID = 0
    Description = 7:40:20 AM - Error connecting to the internet. 7:40:20 AM - Unable
    to contact server..

    Error - 5/30/2012 8:40:28 AM | Computer Name = Isasooner | Source = MCUpdate | ID = 0
    Description = 8:40:28 AM - Error connecting to the internet. 8:40:28 AM - Unable
    to contact server..

    Error - 5/30/2012 8:40:36 AM | Computer Name = Isasooner | Source = MCUpdate | ID = 0
    Description = 8:40:34 AM - Error connecting to the internet. 8:40:34 AM - Unable
    to contact server..

    Error - 5/30/2012 9:40:41 AM | Computer Name = Isasooner | Source = MCUpdate | ID = 0
    Description = 9:40:41 AM - Error connecting to the internet. 9:40:41 AM - Unable
    to contact server..

    Error - 5/30/2012 9:40:48 AM | Computer Name = Isasooner | Source = MCUpdate | ID = 0
    Description = 9:40:46 AM - Error connecting to the internet. 9:40:46 AM - Unable
    to contact server..

    Error - 6/7/2012 7:26:09 AM | Computer Name = Isasooner | Source = MCUpdate | ID = 0
    Description = 7:26:00 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 400: The server cannot process the request because the syntax is not valid.
    )


    Error - 6/7/2012 8:26:21 AM | Computer Name = Isasooner | Source = MCUpdate | ID = 0
    Description = 8:26:17 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 400: The server cannot process the request because the syntax is not valid.
    )


    Error - 6/7/2012 9:26:32 AM | Computer Name = Isasooner | Source = MCUpdate | ID = 0
    Description = 9:26:29 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 400: The server cannot process the request because the syntax is not valid.
    )


    Error - 6/7/2012 10:26:43 AM | Computer Name = Isasooner | Source = MCUpdate | ID = 0
    Description = 10:26:40 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 400: The server cannot process the request because the syntax is not valid.
    )


    [ System Events ]
    Error - 10/21/2012 3:12:27 PM | Computer Name = Isasooner | Source = Service Control Manager | ID = 7034
    Description = The DefaultTabSearch service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 10/21/2012 4:14:48 PM | Computer Name = Isasooner | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SBRE

    Error - 10/21/2012 4:14:53 PM | Computer Name = Isasooner | Source = Service Control Manager | ID = 7034
    Description = The DefaultTabSearch service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 10/21/2012 4:28:18 PM | Computer Name = Isasooner | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SBRE

    Error - 10/21/2012 4:28:24 PM | Computer Name = Isasooner | Source = Service Control Manager | ID = 7034
    Description = The DefaultTabSearch service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 10/22/2012 4:06:35 PM | Computer Name = Isasooner | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 4:03:55 PM on 10/22/2012 was unexpected.

    Error - 10/22/2012 4:06:40 PM | Computer Name = Isasooner | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SBRE

    Error - 10/22/2012 4:06:42 PM | Computer Name = Isasooner | Source = Service Control Manager | ID = 7034
    Description = The DefaultTabSearch service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 10/22/2012 6:40:18 PM | Computer Name = Isasooner | Source = Service Control Manager | ID = 7034
    Description = The DefaultTabUpdate service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 10/22/2012 6:42:14 PM | Computer Name = Isasooner | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SBRE


    < End of report >
     
  6. isasooner

    isasooner Thread Starter

    Joined:
    Oct 22, 2012
    Messages:
    111
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-23 17:44:08
    -----------------------------
    17:44:08.542 OS Version: Windows x64 6.1.7601 Service Pack 1
    17:44:08.542 Number of processors: 2 586 0x200
    17:44:08.542 ComputerName: ISASOONER UserName: Idris
    17:44:10.133 Initialize success
    17:45:20.130 AVAST engine defs: 12102300
    17:50:52.299 The log file has been saved successfully to "C:\Users\Idris\Downloads\aswMBR.txt"
     
  7. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    650
    Please can you send the complete aswMBR log.

    If that is all there was, run it again and send the new log.

    Thanks
     
  8. isasooner

    isasooner Thread Starter

    Joined:
    Oct 22, 2012
    Messages:
    111
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-24 09:18:11
    -----------------------------
    09:18:11.267 OS Version: Windows x64 6.1.7601 Service Pack 1
    09:18:11.268 Number of processors: 2 586 0x200
    09:18:11.270 ComputerName: ISASOONER UserName: Idris
    09:18:12.610 Initialize success
    09:18:33.978 AVAST engine defs: 12102300
    09:18:39.349 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
    09:18:39.354 Disk 0 Vendor: Hitachi_HTS543232A7A384 ES2OA70K Size: 305245MB BusType: 11
    09:18:39.365 Disk 0 MBR read successfully
    09:18:39.371 Disk 0 MBR scan
    09:18:39.408 Disk 0 Windows VISTA default MBR code
    09:18:39.430 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    09:18:39.506 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 288645 MB offset 3074048
    09:18:39.606 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 15099 MB offset 594219008
    09:18:39.783 Disk 0 scanning C:\windows\system32\drivers
    09:19:04.138 Service scanning
    09:20:02.273 Modules scanning
    09:20:02.289 Disk 0 trace - called modules:
    09:20:02.320 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    09:20:02.335 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c12060]
    09:20:02.351 3 CLASSPNP.SYS[fffff880018c043f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa80046c1060]
    09:20:03.646 AVAST engine scan C:\windows
    09:20:08.856 AVAST engine scan C:\windows\system32
    09:28:01.241 AVAST engine scan C:\windows\system32\drivers
    09:28:28.104 AVAST engine scan C:\Users\Idris
    09:35:16.154 Disk 0 MBR has been saved successfully to "C:\Users\Idris\Downloads\MBR.dat"
    09:35:16.169 The log file has been saved successfully to "C:\Users\Idris\Downloads\aswMBR.txt2.txt"
    09:37:15.078 AVAST engine scan C:\ProgramData
    09:38:24.507 Scan finished successfully
    09:39:44.707 Disk 0 MBR has been saved successfully to "C:\Users\Idris\Downloads\MBR.dat"
    09:39:44.723 The log file has been saved successfully to "C:\Users\Idris\Downloads\aswMBR.txt3.txt"
     
  9. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    650
    There is still a lot of bad stuff on there even though a lot has been dealt with, so we still have a bit of work to do.


    Run OTL
    • double click on the icon to run it.
    • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL
    Code:
     
    :Services
     
    :OTL
    IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm044YYus&ptnrS=XPxdm044YYus&si=CI6ruuum4K8CFQkFnQodM2cb_A&ptb=0A0BAC9F-FAD7-4DC9-BDB9-72E03A2050F1&psa=&ind=2012050120&st=sb&n=77ed72c8&searchfor={searchTerms}
    IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=S1122&geo=US&ver=6
    IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\..\SearchScopes\{CF006ECD-C343-4ED5-932C-0D2A120861F3}: "URL" = http://www.mysearchresults.com/search?&c=0000&t=01&q={searchTerms}
    IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\..\SearchScopes\{E1CF7D1B-C719-49A2-B7C0-544A7DBD37CF}: "URL" = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=8C21AF89554D5ADF1847E15084341867&q={searchTerms}
    FF - prefs.js..browser.startup.homepage: "http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8C21AF89554D5ADF1847E15084341867"
    FF - prefs.js..extensions.enabledAddons: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.51.0
    FF - prefs.js..extensions.enabledAddons: [email protected]:1.4.2
    FF - prefs.js..extensions.enabledAddons: wecarereminder@bryan:4.1.15.22
    FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120
    FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={C13E0375-04DC-4629-A9DE-02BC5F26BB3C}&Version=3.6.5&Vintage=20121042&Defaultbrowserid=62&Productid=2722&Vendorid=3852&Offerid=6894&searchterm="
    FF - prefs.js..keyword.URL: "http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=8C21AF89554D5ADF1847E1508402E0A9&q="
    FF - user.js - File not found
    [2012/10/21 10:13:43 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    [2012/09/09 09:19:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    File not found (No name found) -- C:\USERS\IDRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAZ6112F.DEFAULT\EXTENSIONS\{C9B68337-E93A-44EA-94DC-CB300EC06444}
    File not found (No name found) -- C:\USERS\IDRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAZ6112F.DEFAULT\EXTENSIONS\[email protected]
    File not found (No name found) -- C:\USERS\IDRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAZ6112F.DEFAULT\EXTENSIONS\WECAREREMINDER@BRYAN
    [2012/10/21 13:44:26 | 000,000,616 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
    CHR - default_search_provider: Conduit (Enabled)
    O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Idris\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [] File not found
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
    
    
    • click the Run Fix button at the top
    • let the program run unhindered, reboot when it is done
    • post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
    =====================================================

    Download Combofix from either of the links below, and save it to your desktop.

    Link 1
    Link 2

    **Note: It MUST be saved directly to your desktop. Choose save as and then make sure you choose Desktop

    --------------------------------------------------------------------

    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    --------------------------------------------------------------------


    Double click on ComboFix.exe & follow the prompts.
    • when finished, it will produce a report for you.
    • please post the C:\ComboFix.txt for further review.
    Logs to include in the next post:

    OTL fix log
    ComboFix.txt

    Satchfan
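Added example, not part of the thread or of OTL: a small Python audit of a Firefox prefs.js that reports the same kind of entries the fix above removes (keyword.URL, browser.startup.homepage, add-on keyword.url overrides, extensions.enabledAddons). The allowlist of search hosts and the sample prefs.js excerpt are constructed for this example; the hosts and IDs in the sample are the ones listed in the fix.

```python
"""Flag Firefox prefs.js entries of the kind the OTL fix above removes.

Search hijackers rewrite keyword.URL and browser.startup.homepage, drop an
add-on specific "...keyword.url" override and register their toolbar in
extensions.enabledAddons.  This reads a prefs.js body and reports anything
that points outside an allowlist of search hosts (the allowlist is an
assumption for this example, not a Firefox or OTL default).
"""
import json
import re
from urllib.parse import urlparse

# Hosts the owner actually uses for search (example allowlist, adjust per machine).
ALLOWED_SEARCH_HOSTS = ("google.com", "bing.com", "duckduckgo.com", "mozilla.org")

# prefs.js lines look like:  user_pref("name", value);  where value is a JS
# string literal, true/false, or an integer.
_PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref() call in a prefs.js body."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue  # header comment, blank line, or something that is not a pref
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"'):
            value = json.loads(raw)  # JSON string syntax covers the escapes prefs.js writes
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw  # keep anything unexpected verbatim rather than drop it
        prefs[name] = value
    return prefs


def is_url_pref(name):
    """Prefs whose value is a URL a hijacker rewrites: the homepage, the
    address-bar keyword search, and any add-on specific *.keyword.url
    (e.g. extensions.netassistant.keyword.url in the fix above)."""
    low = name.lower()
    return low in ("browser.startup.homepage", "browser.newtab.url") or low.endswith("keyword.url")


def host_allowed(host, allowed=ALLOWED_SEARCH_HOSTS):
    """True if host is an allowlisted search host or a subdomain of one."""
    host = host.lower()
    return any(host == a or host.endswith("." + a) for a in allowed)


def audit_prefs(text, allowed=ALLOWED_SEARCH_HOSTS):
    """Return (pref, detail, reason) findings for a prefs.js body."""
    prefs = parse_prefs(text)
    findings = []
    for name, value in prefs.items():
        if is_url_pref(name) and isinstance(value, str) and value:
            host = urlparse(value).hostname or ""
            if not host_allowed(host, allowed):
                findings.append((name, host, "search/homepage URL points at an unrecognised host"))
    # extensions.enabledAddons is "id:version,id:version,..."; toolbars register
    # their hijacking add-on here, so every entry is listed for review.
    enabled = str(prefs.get("extensions.enabledAddons", ""))
    for entry in filter(None, enabled.split(",")):
        addon_id = entry.rsplit(":", 1)[0]
        findings.append(("extensions.enabledAddons", addon_id, "enabled add-on; confirm it was installed deliberately"))
    return findings


# Constructed prefs.js excerpt using the values from the fix above (not a real profile dump).
SAMPLE_PREFS = '''// Mozilla User Preferences
user_pref("browser.startup.homepage", "http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8C21AF89554D5ADF1847E15084341867");
user_pref("keyword.URL", "http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&q=");
user_pref("extensions.netassistant.keyword.url", "http://click.w3i.com/?Programid=132&Elementname=Keyword&searchterm=");
user_pref("extensions.enabledAddons", "{C9B68337-E93A-44EA-94DC-CB300EC06444}:4.51.0,wecarereminder@bryan:4.1.15.22");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.startup.page", 1);
'''

if __name__ == "__main__":
    for pref, detail, reason in audit_prefs(SAMPLE_PREFS):
        print(f"{pref}: {detail} -> {reason}")
```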
     
  10. isasooner

    isasooner Thread Starter

    Joined:
    Oct 22, 2012
    Messages:
    111
    The combo fix rebooted my laptop but upon restart, I can't open or access any program or browser on my laptop, so I can't re-post. Need more instructions and fast. I attend school on my laptop.
     
  11. isasooner

    isasooner Thread Starter

    Joined:
    Oct 22, 2012
    Messages:
    111
    I guess something went wrong because after the combo fix rebooted my computer I couldn't access any program on my computer. I was told they were all marked for deletion so I had to restart my computer because I have a class tonight. Do I need to re-do the whole combo fix process over again? Also for some reason I cannot locate my optical drive on my laptop. It disappeared and I cannot watch movies on my Windows Media Player. Does this process have anything to do with that?
     
  12. isasooner

    isasooner Thread Starter

    Joined:
    Oct 22, 2012
    Messages:
    111
    All processes killed
    ========== SERVICES/DRIVERS ==========
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3987105026-2523861380-3924649800-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3987105026-2523861380-3924649800-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CF006ECD-C343-4ED5-932C-0D2A120861F3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF006ECD-C343-4ED5-932C-0D2A120861F3}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3987105026-2523861380-3924649800-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E1CF7D1B-C719-49A2-B7C0-544A7DBD37CF}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1CF7D1B-C719-49A2-B7C0-544A7DBD37CF}\ not found.
    Prefs.js: "http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8C21AF89554D5ADF1 847E15084341867" removed from browser.startup.homepage
    Prefs.js: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.51.0 removed from extensions.enabledAddons
    Prefs.js: [email protected]:1.4.2 removed from extensions.enabledAddons
    Prefs.js: wecarereminder@bryan:4.1.15.22 removed from extensions.enabledAddons
    Prefs.js: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120 removed from extensions.enabledAddons
    Prefs.js: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={C13E0375-04DC-4629-A9DE-02BC5F26BB3C}&Version=3.6.5&Vintage=20121042&Defaultbrowserid=62&Productid= 2722&Vendorid=3852&Offerid=6894&searchterm=" removed from extensions.netassistant.keyword.url
    Prefs.js: "http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=8C21AF89554D5ADF1847E1508402 E0A9&q=" removed from keyword.URL
    Folder C:\Users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\ex tensions\jid1-yZwVFzbsyfMrqQ@jetpack\ not found.
    Folder C:\Program Files (x86)\Mozilla Firefox\extensions\ not found.
    File C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml not found.
    Use Chrome's Settings page to remove the default_search_provider items.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
    Registry value HKEY_USERS\S-1-5-21-3987105026-2523861380-3924649800-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3987105026-2523861380-3924649800-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Idris
    ->Temp folder emptied: 444792 bytes
    ->Temporary Internet Files folder emptied: 72041 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 31233510 bytes
    ->Google Chrome cache emptied: 23843955 bytes
    ->Flash cache emptied: 492 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4110 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 53.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10242012_220710

    Files\Folders moved on Reboot...
    C:\Users\Idris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Idris\AppData\Local\Temp\~DF00723636C67A489B.TMP not found!
    File\Folder C:\Users\Idris\AppData\Local\Temp\~DF15E364971FB082A5.TMP not found!
    File\Folder C:\Users\Idris\AppData\Local\Temp\~DF57937BB40C2087ED.TMP not found!
    File\Folder C:\Users\Idris\AppData\Local\Temp\~DF6CDC20EAED9D98F0.TMP not found!
    File\Folder C:\Users\Idris\AppData\Local\Temp\~DFB1BCC8CDCC8335FF.TMP not found!
    File\Folder C:\Users\Idris\AppData\Local\Temp\~DFC32D882D8F319AF5.TMP not found!
    File\Folder C:\Users\Idris\AppData\Local\Temp\~DFEC5A4F8665A886BD.TMP not found!
    File\Folder C:\Users\Idris\AppData\Local\Temp\~DFF5C61FBE33CC7C6A.TMP not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  13. isasooner

    isasooner Thread Starter

    Joined:
    Oct 22, 2012
    Messages:
    111
    ComboFix 12-10-24.02 - Idris 10/24/2012 22:28:51.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3693.2573 [GMT -4:00]
    Running from: c:\users\Idris\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-25 to 2012-10-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-25 02:36 . 2012-10-25 02:36 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-10-25 02:36 . 2012-10-25 02:36 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-25 02:36 . 2012-10-25 02:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-10-25 01:41 . 2012-10-12 04:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D355A0DB-CD28-4178-B4DF-DB42E36E85B4}\mpengine.dll
    2012-10-24 23:17 . 2012-10-24 23:17 -------- d-----w- C:\_OTL
    2012-10-23 16:29 . 2012-10-12 04:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-10-23 02:13 . 2012-10-23 02:13 -------- d-----w- c:\users\Idris\AppData\Local\CRE
    2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-10-23 01:57 . 2012-10-24 23:13 -------- d-----w- c:\program files (x86)\QuickTime
    2012-10-23 00:38 . 2012-10-25 01:08 -------- d-----w- c:\users\Idris\AppData\Roaming\WinZip
    2012-10-21 20:27 . 2012-10-21 20:27 -------- d-----w- c:\program files (x86)\Microsoft
    2012-10-21 19:25 . 2012-10-21 19:24 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{871B5673-2EB6-428E-8B47-EFE2BD083C40}\gapaengine.dll
    2012-10-21 19:22 . 2012-10-21 19:22 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-10-21 19:22 . 2012-10-21 19:22 -------- d-----w- c:\program files\Microsoft Security Client
    2012-10-21 14:50 . 2012-10-21 14:50 -------- d-----w- c:\users\Idris\AppData\Roaming\LavasoftStatistics
    2012-10-21 14:14 . 2012-10-21 14:14 -------- d-----w- c:\users\Idris\AppData\Local\Downloaded Installations
    2012-10-21 14:08 . 2012-10-21 19:10 -------- d-----w- c:\users\Idris\AppData\Roaming\Ad-Aware Antivirus
    2012-10-20 21:39 . 2012-10-24 23:41 -------- d-----w- c:\users\Idris\AppData\Roaming\DefaultTab
    2012-10-15 00:02 . 2012-10-15 00:02 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
    2012-10-15 00:02 . 2012-10-15 00:02 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
    2012-10-10 09:39 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
    2012-10-10 09:39 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
    2012-10-10 09:39 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
    2012-10-10 09:39 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-10-10 09:39 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-10-10 09:39 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-10-10 09:39 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-10-10 09:39 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-10-09 21:44 . 2009-04-16 18:08 248320 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp70v.dll
    2012-10-09 21:38 . 2009-04-16 18:08 145408 ----a-w- c:\windows\system32\hpfll70v.dll
    2012-10-09 21:37 . 2009-04-16 11:53 642360 ----a-w- c:\windows\system32\hpzids40.dll
    2012-10-09 21:37 . 2008-10-29 00:27 551424 ----a-w- c:\windows\system32\hppldcoi.dll
    2012-10-05 11:26 . 2012-10-05 11:26 -------- d-----w- C:\N360_BACKUP
    2012-10-03 10:14 . 2012-10-21 14:11 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-11 09:50 . 2012-04-07 11:10 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-10-09 21:10 . 2012-04-13 23:17 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-09 21:10 . 2011-11-02 12:01 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-01 15:18 . 2012-09-01 15:18 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-01 15:18 . 2012-07-20 11:59 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-09-01 15:18 . 2011-11-02 12:01 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-08-31 02:03 . 2012-08-31 02:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-08-28 05:49 . 2012-09-18 13:17 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53B6CFDD-5688-4055-9DAB-18FD12AADC34}\mpengine.dll
    2012-08-24 11:15 . 2012-09-22 07:06 17810944 ----a-w- c:\windows\system32\mshtml.dll
    2012-08-24 10:39 . 2012-09-22 07:06 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-08-24 10:31 . 2012-09-22 07:06 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 10:22 . 2012-09-22 07:06 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-08-24 10:21 . 2012-09-22 07:06 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 10:20 . 2012-09-22 07:06 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 10:18 . 2012-09-22 07:06 237056 ----a-w- c:\windows\system32\url.dll
    2012-08-24 10:17 . 2012-09-22 07:06 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-08-24 10:14 . 2012-09-22 07:06 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 10:14 . 2012-09-22 07:06 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-08-24 10:13 . 2012-09-22 07:06 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 10:12 . 2012-09-22 07:06 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-08-24 10:11 . 2012-09-22 07:06 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-08-24 10:10 . 2012-09-22 07:06 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-08-24 10:09 . 2012-09-22 07:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-24 10:04 . 2012-09-22 07:06 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-08-24 06:59 . 2012-09-22 07:06 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-08-24 06:51 . 2012-09-22 07:06 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-08-24 06:51 . 2012-09-22 07:06 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47 . 2012-09-22 07:06 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47 . 2012-09-22 07:06 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-08-24 06:43 . 2012-09-22 07:06 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-08-22 18:12 . 2012-09-12 01:15 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-12 01:16 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-12 01:15 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-12 01:15 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-20 17:38 . 2012-10-10 09:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-08-02 17:58 . 2012-09-12 01:15 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-08-02 16:57 . 2012-09-12 01:15 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "WindowsLiveDeviceIntegrator"="c:\program files (x86)\Windows Live\Device Integrator\wldi.exe" [2010-09-24 245544]
    .
    c:\users\Idris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 cpuz134;cpuz134;c:\users\Idris\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
    R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2012-01-05 1675840]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 250984]
    R3 TDEIO;TDEIO; [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-07 1255736]
    R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-08 204288]
    R4 GFNEXSrv;GFNEX Service;c:\ubios\GFNEXSrv.exe [2010-04-23 133640]
    R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 136176]
    R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 136176]
    R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-15 115168]
    R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
    R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-08 9360896]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-08 309760]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-14 413800]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-02-24 1142376]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 21:10]
    .
    2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 11:22]
    .
    2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 11:22]
    .
    2012-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3987105026-2523861380-3924649800-1000Core.job
    - c:\users\Idris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 01:31]
    .
    2012-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3987105026-2523861380-3924649800-1000UA.job
    - c:\users\Idris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 01:31]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{B3C8C90F-BDB6-4028-A7B6-8BA1AEFD3CCA}: NameServer = 8.8.8.8,8.8.4.4
    FF - ProfilePath - c:\users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\
    FF - prefs.js: browser.startup.homepage - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8C21AF89554D5ADF1847E15084341867
    FF - ExtSQL: 2012-10-21 10:13; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-24 22:40:50
    ComboFix-quarantined-files.txt 2012-10-25 02:40
    ComboFix2.txt 2012-10-24 23:50
    .
    Pre-Run: 255,404,634,112 bytes free
    Post-Run: 254,967,721,984 bytes free
    .
    - - End Of File - - 10B779FD5C78CC048AAFBA9D322C7B17
     
  14. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    650
    I'm afraid immediate replies are not going to happen. We are volunteers with jobs and families plus we are in different time zones. I do, however, reply as quickly as I can and appreciate that you are keen to get this sorted out.

The ComboFix log you sent me was the second run. Please send the first one. ComboFix logs are located at c:\combofix.txt; older logs are at c:\qoobox\combofix2.txt, c:\qoobox\ComboFix3.txt, etc.
     
  15. isasooner

    isasooner Thread Starter

    Joined:
    Oct 22, 2012
    Messages:
    111
    ComboFix 12-10-24.02 - Idris 10/24/2012 22:28:51.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3693.2573 [GMT -4:00]
    Running from: c:\users\Idris\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-25 to 2012-10-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-25 02:36 . 2012-10-25 02:36 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-10-25 02:36 . 2012-10-25 02:36 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-25 02:36 . 2012-10-25 02:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-10-25 01:41 . 2012-10-12 04:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D355A0DB-CD28-4178-B4DF-DB42E36E85B4}\mpengine.dll
    2012-10-24 23:17 . 2012-10-24 23:17 -------- d-----w- C:\_OTL
    2012-10-23 16:29 . 2012-10-12 04:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-10-23 02:13 . 2012-10-23 02:13 -------- d-----w- c:\users\Idris\AppData\Local\CRE
    2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-10-23 01:57 . 2012-10-24 23:13 -------- d-----w- c:\program files (x86)\QuickTime
    2012-10-23 00:38 . 2012-10-25 01:08 -------- d-----w- c:\users\Idris\AppData\Roaming\WinZip
    2012-10-21 20:27 . 2012-10-21 20:27 -------- d-----w- c:\program files (x86)\Microsoft
    2012-10-21 19:25 . 2012-10-21 19:24 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{871B5673-2EB6-428E-8B47-EFE2BD083C40}\gapaengine.dll
    2012-10-21 19:22 . 2012-10-21 19:22 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-10-21 19:22 . 2012-10-21 19:22 -------- d-----w- c:\program files\Microsoft Security Client
    2012-10-21 14:50 . 2012-10-21 14:50 -------- d-----w- c:\users\Idris\AppData\Roaming\LavasoftStatistics
    2012-10-21 14:14 . 2012-10-21 14:14 -------- d-----w- c:\users\Idris\AppData\Local\Downloaded Installations
    2012-10-21 14:08 . 2012-10-21 19:10 -------- d-----w- c:\users\Idris\AppData\Roaming\Ad-Aware Antivirus
    2012-10-20 21:39 . 2012-10-24 23:41 -------- d-----w- c:\users\Idris\AppData\Roaming\DefaultTab
    2012-10-15 00:02 . 2012-10-15 00:02 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
    2012-10-15 00:02 . 2012-10-15 00:02 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
    2012-10-10 09:39 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
    2012-10-10 09:39 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
    2012-10-10 09:39 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
    2012-10-10 09:39 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-10-10 09:39 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-10-10 09:39 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-10-10 09:39 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-10-10 09:39 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-10-09 21:44 . 2009-04-16 18:08 248320 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp70v.dll
    2012-10-09 21:38 . 2009-04-16 18:08 145408 ----a-w- c:\windows\system32\hpfll70v.dll
    2012-10-09 21:37 . 2009-04-16 11:53 642360 ----a-w- c:\windows\system32\hpzids40.dll
    2012-10-09 21:37 . 2008-10-29 00:27 551424 ----a-w- c:\windows\system32\hppldcoi.dll
    2012-10-05 11:26 . 2012-10-05 11:26 -------- d-----w- C:\N360_BACKUP
    2012-10-03 10:14 . 2012-10-21 14:11 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-11 09:50 . 2012-04-07 11:10 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-10-09 21:10 . 2012-04-13 23:17 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-09 21:10 . 2011-11-02 12:01 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-01 15:18 . 2012-09-01 15:18 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-01 15:18 . 2012-07-20 11:59 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-09-01 15:18 . 2011-11-02 12:01 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-08-31 02:03 . 2012-08-31 02:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-08-28 05:49 . 2012-09-18 13:17 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53B6CFDD-5688-4055-9DAB-18FD12AADC34}\mpengine.dll
    2012-08-24 11:15 . 2012-09-22 07:06 17810944 ----a-w- c:\windows\system32\mshtml.dll
    2012-08-24 10:39 . 2012-09-22 07:06 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-08-24 10:31 . 2012-09-22 07:06 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 10:22 . 2012-09-22 07:06 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-08-24 10:21 . 2012-09-22 07:06 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 10:20 . 2012-09-22 07:06 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 10:18 . 2012-09-22 07:06 237056 ----a-w- c:\windows\system32\url.dll
    2012-08-24 10:17 . 2012-09-22 07:06 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-08-24 10:14 . 2012-09-22 07:06 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 10:14 . 2012-09-22 07:06 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-08-24 10:13 . 2012-09-22 07:06 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 10:12 . 2012-09-22 07:06 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-08-24 10:11 . 2012-09-22 07:06 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-08-24 10:10 . 2012-09-22 07:06 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-08-24 10:09 . 2012-09-22 07:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-24 10:04 . 2012-09-22 07:06 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-08-24 06:59 . 2012-09-22 07:06 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-08-24 06:51 . 2012-09-22 07:06 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-08-24 06:51 . 2012-09-22 07:06 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47 . 2012-09-22 07:06 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47 . 2012-09-22 07:06 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-08-24 06:43 . 2012-09-22 07:06 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-08-22 18:12 . 2012-09-12 01:15 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-12 01:16 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-12 01:15 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-12 01:15 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-20 17:38 . 2012-10-10 09:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-08-02 17:58 . 2012-09-12 01:15 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-08-02 16:57 . 2012-09-12 01:15 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "WindowsLiveDeviceIntegrator"="c:\program files (x86)\Windows Live\Device Integrator\wldi.exe" [2010-09-24 245544]
    .
    c:\users\Idris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 cpuz134;cpuz134;c:\users\Idris\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
    R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2012-01-05 1675840]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 250984]
    R3 TDEIO;TDEIO; [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-07 1255736]
    R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-08 204288]
    R4 GFNEXSrv;GFNEX Service;c:\ubios\GFNEXSrv.exe [2010-04-23 133640]
    R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 136176]
    R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 136176]
    R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-15 115168]
    R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
    R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-08 9360896]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-08 309760]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-14 413800]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-02-24 1142376]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 21:10]
    .
    2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 11:22]
    .
    2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 11:22]
    .
    2012-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3987105026-2523861380-3924649800-1000Core.job
    - c:\users\Idris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 01:31]
    .
    2012-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3987105026-2523861380-3924649800-1000UA.job
    - c:\users\Idris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 01:31]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{B3C8C90F-BDB6-4028-A7B6-8BA1AEFD3CCA}: NameServer = 8.8.8.8,8.8.4.4
    FF - ProfilePath - c:\users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\
    FF - prefs.js: browser.startup.homepage - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8C21AF89554D5ADF1847E15084341867
    FF - ExtSQL: 2012-10-21 10:13; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-24 22:40:50
    ComboFix-quarantined-files.txt 2012-10-25 02:40
    ComboFix2.txt 2012-10-24 23:50
    .
    Pre-Run: 255,404,634,112 bytes free
    Post-Run: 254,967,721,984 bytes free
    .
    - - End Of File - - 10B779FD5C78CC048AAFBA9D322C7B17
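The Python script below is an added example and not part of this thread, of ComboFix or of Satchfan's instructions. It reads the parts of a ComboFix log that a helper looks at first and turns them into the findings relevant to the complaint in this thread: the Firefox homepage pointing at safesearchr.lavasoft.com, the jetpack extension installed on 2012-10-21, the orphaned AddRemove entry that ran bm_installer.exe from a GUID-named folder under ProgramData, service entries marked `[x]` (file not found), a driver registered from a user's Temp folder, and security products reported as disabled. It also answers Satchfan's question about which run a log came from: ComboFix's footer lists the older logs it found (ComboFix2.txt, ...), so a footer that names one was written by a later run; that reading of the footer, the `HIJACK_HOSTS` set, and the constructed `SAMPLE_LOG` excerpt (values copied from the posted log, heavily shortened) are my assumptions, not statements from the page.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample input: an excerpt modelled on the ComboFix log posted in this
# thread (values copied from the post, log shortened). Not the verbatim file.
SAMPLE_LOG = r"""
ComboFix 12-10-24.02 - Idris 10/24/2012 22:28:51.2.2 - x64
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R3 cpuz134;cpuz134;c:\users\Idris\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 TDEIO;TDEIO; [x]
.
FF - prefs.js: browser.startup.homepage - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb
FF - ExtSQL: 2012-10-21 10:13; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
Completion time: 2012-10-24 22:40:50
ComboFix-quarantined-files.txt 2012-10-25 02:40
ComboFix2.txt 2012-10-24 23:50
""".strip()

SECURITY_RE = re.compile(r"^(AV|SP|FW): (.+?) \*([^*]+)\*")
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?) ?\[([^\]]*)\]$")
HOMEPAGE_RE = re.compile(r"^FF - prefs\.js: browser\.startup\.homepage - (\S+)")
EXT_RE = re.compile(r"^FF - ExtSQL: ([^;]+); ([^;]+); (.*)$")
ORPHAN_RE = re.compile(r"^(\w+)-(.+?) - (.*)$")
OLDER_LOG_RE = re.compile(r"^(ComboFix\d+\.txt) \d{4}-\d\d-\d\d \d\d:\d\d$")
TEMP_DIR_RE = re.compile(r"\\appdata\\local\\temp\\", re.I)
GUID_DIR_RE = re.compile(r"\\programdata\\\{[0-9A-F-]{36}\}\\", re.I)
# Host taken from this thread's complaint; an assumption, extend for other cases.
HIJACK_HOSTS = {"safesearchr.lavasoft.com"}

def parse_combofix(text):
    """Pull the sections a helper reads first out of a ComboFix log."""
    r = {"security": [], "services": [], "homepage": None, "extensions": [],
         "orphans": [], "completion": None, "older_logs": []}
    in_orphans = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("- - - - ORPHANS REMOVED"):
            in_orphans = True               # orphan entries follow until the next header
            continue
        if line.startswith("---") or line.startswith("Completion time:"):
            in_orphans = False
        if m := SECURITY_RE.match(line):
            r["security"].append({"kind": m[1], "name": m[2], "status": m[3]})
        elif m := SERVICE_RE.match(line):   # "[x]" means ComboFix could not find the file
            r["services"].append({"state": m[1], "name": m[2], "path": m[4], "missing": m[5] == "x"})
        elif m := HOMEPAGE_RE.match(line):  # ComboFix defangs URLs as hxxp://
            parts = urlsplit(m[1].replace("hxxp://", "http://", 1))
            r["homepage"] = {"host": parts.hostname,
                             "params": {k: v[0] for k, v in parse_qs(parts.query).items()}}
        elif m := EXT_RE.match(line):
            r["extensions"].append({"installed": m[1], "id": m[2], "path": m[3]})
        elif in_orphans and (m := ORPHAN_RE.match(line)):
            r["orphans"].append({"kind": m[1], "entry": m[2], "target": m[3]})
        elif line.startswith("Completion time: "):
            r["completion"] = line.split(": ", 1)[1]
        elif m := OLDER_LOG_RE.match(line):
            r["older_logs"].append(m[1])
    return r

def triage(r):
    """Turn the parsed log into the findings a helper would comment on."""
    out = []
    for s in r["security"]:
        if s["status"].lower().startswith("disabled"):
            out.append(f"{s['kind']} {s['name']} is {s['status']}")
    for svc in r["services"]:
        if svc["missing"]:
            out.append(f"service {svc['name']} points to a missing file: {svc['path'] or '(no path)'}")
        if TEMP_DIR_RE.search(svc["path"]):
            out.append(f"service {svc['name']} loads from a user Temp folder: {svc['path']}")
    hp = r["homepage"]
    if hp and hp["host"] in HIJACK_HOSTS:
        out.append(f"Firefox homepage redirected to {hp['host']} (toolbarid={hp['params'].get('toolbarid', '?')})")
    for ext in r["extensions"]:
        out.append(f"Firefox extension {ext['id']} installed {ext['installed']}")
    for o in r["orphans"]:
        if GUID_DIR_RE.search(o["target"]):
            out.append(f"orphan {o['kind']} entry {o['entry']} ran an installer from a GUID folder: {o['target']}")
    return out

def is_first_run(r):
    # Assumption from the footer format in the thread: ComboFix lists the older logs
    # it found (ComboFix2.txt, ...), so a footer naming one comes from a later run.
    return not r["older_logs"]
```

To use it on a real machine, read c:\combofix.txt and c:\qoobox\combofix2.txt with `open(path, encoding="cp1252", errors="replace").read()` and pass the text to `parse_combofix`; `is_first_run` then tells you which file is the first run Satchfan asked for, and `triage` lists the hijack indicators. The detection rules deliberately stay narrow (missing service files, drivers in a user Temp folder, a homepage on a known redirect host, installers in GUID-named ProgramData folders) so that the legitimate entries in the same log, such as NisSrv or the Google Update tasks, are not reported.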
     
Short URL to this thread: https://techguy.org/1073716